Inherit CSP for blob workers (#38033)

Workers created from Blobs inherit their CSP. Now we inherit the CSP and
set the correct base API url. The base API url should be used when
determining the
report-uri endpoint. Otherwise, the blob URL would be used as a base,
which is invalid and the report wouldn't be sent.

Also create a helper method to concatenate two optionals of CSPList,
which was used in several places.

Part of #4577

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

components/script/dom/workerglobalscope.rs

@@ -20,12 +20,12 @@ use ipc_channel::ipc::IpcSender;
 use js::jsval::UndefinedValue;
 use js::panic::maybe_resume_unwind;
 use js::rust::{HandleValue, MutableHandleValue, ParentRuntime};
-use net_traits::IpcSend;
 use net_traits::policy_container::PolicyContainer;
 use net_traits::request::{
     CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
     RequestBuilder as NetRequestInit,
 };
+use net_traits::{IpcSend, ReferrerPolicy};
 use profile_traits::mem::{ProcessReports, perform_memory_report};
 use servo_url::{MutableOrigin, ServoUrl};
 use timers::TimerScheduler;
@@ -276,6 +276,12 @@ impl WorkerGlobalScope {
         self.policy_container.borrow_mut().set_csp_list(csp_list);
     }
 
+    pub(crate) fn set_referrer_policy(&self, referrer_policy: ReferrerPolicy) {
+        self.policy_container
+            .borrow_mut()
+            .set_referrer_policy(referrer_policy);
+    }
+
     pub(crate) fn append_reporting_observer(&self, reporting_observer: DomRoot<ReportingObserver>) {
         self.reporting_observer_list
             .borrow_mut()